Super Optimiser shows in 'processes'... cannot delete

[base1268]

Hey guys...

Noticed today while in the task manager that I had a process going on I didn't recognise.

With some research it is known as a piece of malware called Super Optimizer... so I went to get rid of it but 'access denied' even in an elevated cmd prompt... the reason says it cannot delete the file chosen because it is being used by another process... but I have no idea which other process is using it to shut it down so I can delete.

It lists as an application file (.exe) 5,687kb and resides in Program Data folder with this string listing :

{ea15c119-fa35-93e4-ea15-5c119fa30467}

Any help appreciated

Nick

 

[Callender]

If you like you can download UVK and run a scan. Upload the log and I could most likely write a script to remove it.

UVK - Ultra Virus Killer - get free version (not beta)

Once installed right click the icon and run as admin. Choose "Scan and create log"

Choose these settings:



When finished save the log to your desktop. It will be quite a large file so zip it and upload it. If it's too big split the log by cutting and pasting into smaller files.

 

[Jacee]

Click on the "Processes" tab in task manager and stop the program from running.
Boot into safe mode, then delete the folder, or file found. Reboot into normal mode and run a full scan with Malwarebytes' Antimalware.

Here is the free version, if you don't already have it:
Download (free version) Malwarebytes' Anti-Malware to your desktop
Malwarebytes | Free Anti-Malware Detection & Removal Software
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

 

[base1268]

I had spent a bit of time trying to remove it without success when I posted this question... then it suddenly dawned on me that I recently began to keep a really up to date 'Macrium Reflect' disk image that is set to be incrementally backed up weekly.... so I simply went back prior to the 19th when this thing showed as being created and restored that 'clean' image.

Sure enough of course that killed it, but it's awesome to get the responses here so swiftly and reassuring to know about the community here where those with a deeper level of understanding are happy to exercise those skills by solving issues that some of us are stumped by.

many thanks

 

[Jacee]

Glad you found the problem